An update for LibRaw is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1449 Final 1.0 1.0 2024-04-12 Initial 2024-04-12 2024-04-12 openEuler SA Tool V1.0 2024-04-12 LibRaw security update An update for LibRaw is now available for openEuler-20.03-LTS-SP4. LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF, RAF, etc, virtually all RAW formats are supported).It pays special attention to correct retrieval of data required for subsequent RAW conversion.The library is intended for embedding in RAW converters, data analyzers, and other programs using RAW files as the initial data. Security Fix(es): Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.(CVE-2021-32142) An update for LibRaw is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High LibRaw https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1449 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-32142 https://nvd.nist.gov/vuln/detail/CVE-2021-32142 openEuler-20.03-LTS-SP4 LibRaw-devel-0.20.2-6.oe2003sp4.aarch64.rpm LibRaw-debugsource-0.20.2-6.oe2003sp4.aarch64.rpm LibRaw-debuginfo-0.20.2-6.oe2003sp4.aarch64.rpm LibRaw-0.20.2-6.oe2003sp4.aarch64.rpm LibRaw-0.20.2-6.oe2003sp4.src.rpm LibRaw-debugsource-0.20.2-6.oe2003sp4.x86_64.rpm LibRaw-0.20.2-6.oe2003sp4.x86_64.rpm LibRaw-debuginfo-0.20.2-6.oe2003sp4.x86_64.rpm LibRaw-devel-0.20.2-6.oe2003sp4.x86_64.rpm Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. 2024-04-12 CVE-2021-32142 openEuler-20.03-LTS-SP4 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H LibRaw security update 2024-04-12 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1449